Goal 2: Ensure ability to address disaster or carry on in the face of disaster
Our work to date has established the foundation for improving our capacity to restore our technology in the face of disaster. However, there are still important technologies that fall outside of these plans. In the next two years, we must extend our disaster recovery and business continuity capabilities to cover more organizations and technologies. We must also be vigilant and prepare to meet new threats as they continue to emerge.
Phase II objectives addressing this goal:
- Extend disaster recovery and business continuity capabilities to more academic and administrative departments.
- Implement a university wide service for data storage, back-up and virtual hosting that leverages private and public cloud computing.
- Continue to assess security status and implement services, policies and guidelines to address weaknesses.
- Increase data center generator capacity to support growth.
Phase I Accomplishments:
IT Disaster Recovery
- Established and repeatedly tested on campus redundancy for Priority 1 services which support campus core network and communications infrastructure. These services can be reestablished within approximately 2 hours.
- Implemented and tested an email continuity service with IBM which includes support for Blackberry(s).
- Worked with IBM to prepare for recovery of priority 2 through 4 applications at their Sterling Forest, NY facility. Implemented a network connection to this facility through Verizon and commenced daily "data replication" to this facility in October.
- Performed several successful tests of our ability to recover at the IBM facility. A 24 hour preliminary test in September and then a 48 hour integrated DR test at Sterling Forest for 26 primary applications including Human Resources and payroll, Financial system, and Banner Student System. Recovery of these systems with testing took approximately 34 hours. This test included over 100 participants.
- IBM Consulting worked with CIS to develop a sustainable DR program that includes annual testing and maintenance. We completed a first revision of an IT DR plan. This plan outlines DR teams and responsibilities as well as a thorough management checklist for decision support in the event of a disaster.
- With assistance from IBM we facilitated a table top exercise with IT DR team and Crisis Management committee involving almost 50 participants. The scenario was an explosion in CIT basement with human casualties as well as facility/equipment damage. This exercise was a test of both the business unit business continuity plans as well as the newly prepared IT DR plan.
- PII Working Group was convened, and championed by the CISO; new policy has been drafted, a data stewardship program has been developed, and regulatory requirements are being consolidated; special emphasis has been placed on social security numbers, GLBA, and the new MA Data Protection Law
- Gap analysis performed; policy set made more robust with addition of:
- Multi-Function Network Device standards
- Skype and P2P voice standards and guidelines
- Security policy set undergoing a periodic review and refresh
- Additional training sessions developed and implemented
- ISG Position Paper standard developed; several implemented
- Scanning infrastructure upgraded; scalable process in development
- BiAnnual Risk Assessment Survey disseminated; data is being collated and evaluated
- System Access Review performed by Internal Audit; management actions developed, and mitigation is in process
- Temporary generator for data center installed.
- Old generator was removed from the roof of the CIT and work continues to ready the site for the new generator by June 2010.
- Data repository in production with 25 TB of dedicated storage and populated with an initial 317 assets.
- Initiated collection of video, images and PDFs from departments throughout campus.
- Implemented Shibboleth as a foundational service.
- Cloud solution, Vimeo, used to compliment local media storage and distribution solutions
- Hosted solution used for web collaboration and conferencing pilot, Adobe Connect pilot.
- Student email services migrated to a cloud-based solution (Google Apps for Education)
- Initiated project to move faculty and staff accounts to Google Apps for Education
- Deployed desktop backup service in the cloud for top level University administrators
- Services in the cloud are considered as an option for every new or replacement service.
- Existing services in the cloud include: Paycheck, Mozy, Touchnet, MIR3, Transportation/Parking, Telephone Billing/Work Orders/Cable Management, MRP
- 27 key administrative areas plus 17 Bio-Med administrative areas - have developed business continuity plans and participated in at least one tabletop exercise.
- IT Disaster Recovery/Business Continuity Steering Committee identified and started to update primary and back-up 'war room' locations for Core Crisis and CIS Leadership team meetings.
- IT Disaster Recovery/Business Continuity Steering Committee identified alternative work locations for departments displaced due to local disaster(s).
- Initiated project to employ a new business continuity planning tool with increased functionality and scalability. Existing plans will be transferred to this new tool in the Fall '10.